Authorization tutorials

The IIS server can be configured to control the resources that can be
accessed by users. You can control the access permissions on an IIS Web site by
marking the allowed operations on the Web site. The different permission levels
include the following:

Read: Allows users to retrieve and read the content stored in the
virtual directory. This permission is assigned to most virtual directories.

Write: Allows users to retrieve and modify the content stored in the
virtual directory. If a Web site is open to receiving content over the HTTP
protocol, the virtual directory used to store the received files must have the
write permission. A typical example of this would be a virtual directory that
stores the files that are uploaded as attachments to e-mail messages.

Directory browsing: Allows users to view the contents of the entire
virtual directory. This is similar to viewing an FTP folder.

Log visits: Keeps track of the number of users who visit the site,
and records details of each visit, such as the IP address of the
client and the resources that are requested.

Index: Uses Microsoft Index Server to index the virtual directory.
The contents of the directory can be retrieved in a search result using the
Index Server.

In addition to the IIS permission levels, NTFS permissions can also be used
to secure the files and directories on a Web server. The following are the
different access permissions that can be assigned to users and groups for the
files and directories on the server:

Full Control: Allows users to have complete control on files and/or
directories.

Modify: Allows users to modify the contents of files and/or
directories. However, users will not be able to delete files and/or directories.

Read & Execute: Allows users to read the contents of the
existing files and/or directories and execute any application stored in that
folder. However, users will not be able to modify the contents of the files
and/or directories.

List Folder Contents: Allows users to view the contents of the
folder. However, users will neither be able to read the contents of any file in
the folder nor modify any contents.

Write: Allows users to make changes to files and/or directories.

No Access: Does not allow any access to files and/or directories.

Role-based Security

A role is a named set of users that have the same privileges with
respect to security. For example, sales agent and sales manager are two
different roles. All members of a given role have the same security privileges. A
user can be a member of one or more roles.

Applications can readily use role membership to determine whether or not a
user is authorized to perform a requested action. Roles are like groups in the
sense that multiple users can belong to a role and a user can also belong to
multiple roles.

Although roles are logically equivalent to security groups, there is a
major difference. Roles are always specific to an application, whereas
typically groups are not specific to any application — they are defined at the
operating system level.

Roles are often used in Web applications to enforce security authorization
policy. For example, an online banking application may impose a limit of
$500,000, which cannot be exceeded by a teller in a single debit or credit
transaction — only a manager can conduct this transaction. In such a situation,
you can configure the application to allow the tellers to process transactions
that are less than $500,000 and managers to process transactions that exceed
$500,000.

Microsoft first introduced support for defining application roles in
Microsoft Transaction Server (MTS) and extended it with the release
of COM+ 1.0 in Windows 2000. With the launch of the Microsoft .NET Framework,
support for role-based security has been extended further. The .NET
Framework provides role-based security support that is flexible and extensible
enough to meet the needs of a wide spectrum of applications.

For example, a user User1 might belong to the group Administrators, and
that same group can be used as a role in an ASP.NET application. To check
whether a user belongs to a particular role, you write something like this:

    // Verbatim strings (@"...") are needed because "\A" is not a valid C# escape sequence.
    if (User.IsInRole(@"BUILTIN\Administrators"))
    {
        // display all options
    }
    else
    {
        // display limited options
    }

Here, the IsInRole() method is used to check whether the given user has the given role.
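The following is an added example, not code from the original tutorial: it applies the same IsInRole() check to the banking policy described earlier (tellers below $500,000, managers above) using the .NET Framework's GenericIdentity and GenericPrincipal classes. The role names "Teller" and "Manager", the TransactionService class and the sample user names are assumptions made for the illustration; in ASP.NET the principal would come from HttpContext.User rather than being constructed by hand.

```csharp
using System;
using System.Security.Principal;

// Added example (not from the original tutorial). Role names, class name and
// user names are assumptions chosen for this illustration.
public static class TransactionService
{
    private const decimal TellerLimit = 500000m;

    // Returns true if 'user' may process a single debit or credit of 'amount'.
    // The decision is made on the server for every request, not only in the UI.
    public static bool CanProcess(IPrincipal user, decimal amount)
    {
        if (user == null || user.Identity == null || !user.Identity.IsAuthenticated)
            return false;                      // anonymous callers are never authorized

        if (amount <= 0)
            return false;                      // reject invalid amounts before any role logic

        // Managers may conduct any transaction, including those over the limit.
        if (user.IsInRole("Manager"))
            return true;

        // Tellers are capped: the policy says strictly less than the limit,
        // so a transaction of exactly the limit is refused.
        return user.IsInRole("Teller") && amount < TellerLimit;
    }

    public static void Main()
    {
        // Constructed principals standing in for authenticated ASP.NET users.
        var teller  = new GenericPrincipal(new GenericIdentity("alice"), new[] { "Teller" });
        var manager = new GenericPrincipal(new GenericIdentity("bob"),   new[] { "Manager" });
        // An empty identity name makes IsAuthenticated return false.
        var guest   = new GenericPrincipal(new GenericIdentity(""),      new string[0]);

        Console.WriteLine("teller,  250000: " + CanProcess(teller,  250000m));
        Console.WriteLine("teller,  500000: " + CanProcess(teller,  500000m)); // boundary case
        Console.WriteLine("manager, 750000: " + CanProcess(manager, 750000m));
        Console.WriteLine("guest,      100: " + CanProcess(guest,   100m));
    }
}
```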
